2004-11-24 19:21:25

by Andrew Patterson

[permalink] [raw]
Subject: [PATCH] cciss: Off-by-one error causing oops in CCISS_GETLUNIFO ioctl

This patch fixes an an "off-by-one" error found in the CCISS_GETLUNIFO
ioctl in the cciss driver. It is cycling through the part table of the
gendisk structure which is a zero-based array, not a one-based array.
This often causes an oops when referencing the out-of-bounds element.

Signed-off by: Andrew Patterson <[email protected]>
---

--- linux-2.6.9/drivers/block/cciss.c.orig 2004-11-24 10:22:30.000000000 -0700
+++ linux-2.6.9/drivers/block/cciss.c 2004-11-24 10:27:38.000000000 -0700
@@ -799,7 +799,7 @@
luninfo.num_opens = drv->usage_count;
luninfo.num_parts = 0;
/* count partitions 1 to 15 with sizes > 0 */
- for(i=1; i <MAX_PART; i++) {
+ for(i=0; i <MAX_PART-1; i++) {
if (!disk->part[i])
continue;
if (disk->part[i]->nr_sects != 0)



Attachments:
signature.asc (189.00 B)
This is a digitally signed message part